Merge branch 'dev' into master-into-dev/2.51.1-2.52.0-dev

Author: rossops

.github/pull_request_template.md

@@ -26,7 +26,7 @@ This checklist is for your information.
 - [ ] Bugfixes should be submitted against the `bugfix` branch.
 - [ ] Give a meaningful name to your PR, as it may end up being used in the release notes.
 - [ ] Your code is flake8 compliant.
-- [ ] Your code is python 3.12 compliant.
+- [ ] Your code is python 3.13 compliant.
 - [ ] If this is a new feature and not a bug fix, you've included the proper documentation in the docs at https://github.com/DefectDojo/django-DefectDojo/tree/dev/docs as part of this PR.
 - [ ] Model changes must include the necessary migrations in the dojo/db_migrations folder.
 - [ ] Add applicable tests to the unit tests.

.github/workflows/close-stale.yml

@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Close issues and PRs that are pending closure
-        uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0
+        uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 # v10.1.0
         with:
           # Disable automatic stale marking - only close manually labeled items
           days-before-stale: -1

.github/workflows/k8s-tests.yml

@@ -5,15 +5,6 @@ on:
 
 env:
   DD_HOSTNAME: defectdojo.default.minikube.local
-  HELM_REDIS_BROKER_SETTINGS: " \
-    --set redis.enabled=true \
-    --set celery.broker=redis \
-    --set createRedisSecret=true \
-    "
-  HELM_PG_DATABASE_SETTINGS: " \
-    --set postgresql.enabled=true \
-    --set createPostgresqlSecret=true \
-   "
 jobs:
   setting_minikube_cluster:
     name: Kubernetes Deployment
@@ -25,9 +16,7 @@ jobs:
           # databases, broker and k8s are independent, so we don't need to test each combination
           # lastest k8s version (https://kubernetes.io/releases/) and oldest supported version from aws
           # are tested (https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html#available-versions)
-          - databases: pgsql
-            brokers: redis
-            k8s: 'v1.34.0'
+          - k8s: 'v1.34.0'
             os: debian
     steps:
       - name: Checkout
@@ -68,12 +57,6 @@ jobs:
              helm dependency list ./helm/defectdojo
              helm dependency update ./helm/defectdojo
 
-      - name: Set confings into Outputs
-        id: set
-        run: |-
-              echo "pgsql=${{ env.HELM_PG_DATABASE_SETTINGS }}" >> $GITHUB_ENV
-              echo "redis=${{ env.HELM_REDIS_BROKER_SETTINGS }}" >> $GITHUB_ENV
-
       - name: Deploying Django application with ${{ matrix.databases }} ${{ matrix.brokers }}
         timeout-minutes: 15
         run: |-
@@ -86,8 +69,10 @@ jobs:
                --set django.ingress.enabled=true \
                --set imagePullPolicy=Never \
                --set initializer.keepSeconds="-1" \
-               ${{ env[matrix.databases] }} \
-               ${{ env[matrix.brokers] }} \
+               --set redis.enabled=true \
+               --set createRedisSecret=true \
+               --set postgresql.enabled=true \
+               --set createPostgresqlSecret=true \
                --set createSecret=true
 
       - name: Check deployment status

.github/workflows/release-x-manual-helm-chart.yml

@@ -87,7 +87,7 @@ jobs:
           echo "chart_version=$(ls build | cut -d '-' -f 2,3 | sed 's|\.tgz||')" >> $GITHUB_ENV
 
       - name: Create release ${{ inputs.release_number }}
-        uses: softprops/action-gh-release@62c96d0c4e8a889135c1f3a25910db8dbe0e85f7 # v2.3.4
+        uses: softprops/action-gh-release@aec2ec56f94eb8180ceec724245f64ef008b89f5 # v2.4.0
         with:
           name: '${{ inputs.release_number }} 🌈'
           tag_name: ${{ inputs.release_number }}

.github/workflows/test-helm-chart.yml

@@ -24,7 +24,7 @@ jobs:
 
       - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
         with:
-          python-version: 3.13
+          python-version: 3.14
 
       - name: Configure Helm repos
         run: |-
@@ -68,6 +68,10 @@ jobs:
       - name: Check update of "artifacthub.io/changes" HELM annotation
         if: env.changed == 'true'
         run: |
+          # fast fail if `git show` fails
+          set -e
+          set -o pipefail
+
           target_branch=${{ env.ct-branch }}
 
           echo "Checking Chart.yaml annotation changes"
@@ -76,7 +80,7 @@ jobs:
           current_annotation=$(yq e '.annotations."artifacthub.io/changes"' "helm/defectdojo/Chart.yaml")
 
           # Get target branch version of Chart.yaml annotation
-          target_annotation=$(git show "${{ env.ct-branch }}:helm/defectdojo/Chart.yaml" | yq e '.annotations."artifacthub.io/changes"' -)
+          target_annotation=$(git show "origin/${{ env.ct-branch }}:helm/defectdojo/Chart.yaml" | yq e '.annotations."artifacthub.io/changes"' -)
 
           if [[ "$current_annotation" == "$target_annotation" ]]; then
             echo "::error file=helm/defectdojo/Chart.yaml::The 'artifacthub.io/changes' annotation has not been updated compared to ${{ env.ct-branch }}. For more, check the hint in 'helm/defectdojo/Chart.yaml'"

Dockerfile.django-alpine

@@ -5,7 +5,7 @@
 # Dockerfile.nginx to use the caching mechanism of Docker.
 
 # Ref: https://devguide.python.org/#branchstatus
-FROM python:3.12.11-alpine3.22@sha256:02a73ead8397e904cea6d17e18516f1df3590e05dc8823bd5b1c7f849227d272 AS base
+FROM python:3.13.7-alpine3.22@sha256:9ba6d8cbebf0fb6546ae71f2a1c14f6ffd2fdab83af7fa5669734ef30ad48844 AS base
 FROM base AS build
 WORKDIR /app
 RUN \

Dockerfile.django-debian

@@ -5,7 +5,7 @@
 # Dockerfile.nginx to use the caching mechanism of Docker.
 
 # Ref: https://devguide.python.org/#branchstatus
-FROM python:3.12.11-slim-trixie@sha256:d67a7b66b989ad6b6d6b10d428dcc5e0bfc3e5f88906e67d490c4d3daac57047 AS base
+FROM python:3.13.7-slim-trixie@sha256:5f55cdf0c5d9dc1a415637a5ccc4a9e18663ad203673173b8cda8f8dcacef689 AS base
 FROM base AS build
 WORKDIR /app
 RUN \

Dockerfile.integration-tests-debian

@@ -3,7 +3,7 @@
 
 FROM openapitools/openapi-generator-cli:v7.16.0@sha256:e56372add5e038753fb91aa1bbb470724ef58382fdfc35082bf1b3e079ce353c AS openapitools
 # currently only supports x64, no arm yet due to chrome and selenium dependencies
-FROM python:3.12.11-slim-trixie@sha256:d67a7b66b989ad6b6d6b10d428dcc5e0bfc3e5f88906e67d490c4d3daac57047 AS build
+FROM python:3.13.7-slim-trixie@sha256:5f55cdf0c5d9dc1a415637a5ccc4a9e18663ad203673173b8cda8f8dcacef689 AS build
 WORKDIR /app
 RUN \
   apt-get -y update && \

Dockerfile.nginx-alpine

@@ -5,7 +5,7 @@
 # Dockerfile.django-alpine to use the caching mechanism of Docker.
 
 # Ref: https://devguide.python.org/#branchstatus
-FROM python:3.12.11-alpine3.22@sha256:02a73ead8397e904cea6d17e18516f1df3590e05dc8823bd5b1c7f849227d272 AS base
+FROM python:3.13.7-alpine3.22@sha256:9ba6d8cbebf0fb6546ae71f2a1c14f6ffd2fdab83af7fa5669734ef30ad48844 AS base
 FROM base AS build
 WORKDIR /app
 RUN \

components/package.json

@@ -14,7 +14,7 @@
     "clipboard": "^2.0.11",
     "datatables.net": "^2.3.4",
     "datatables.net-buttons-bs": "^3.2.5",
-    "datatables.net-colreorder": "^2.1.1",
+    "datatables.net-colreorder": "^2.1.2",
     "drmonty-datatables-plugins": "^1.0.0",
     "drmonty-datatables-responsive": "^1.0.0",
     "easymde": "^2.20.0",